From f77e16d254a55460ec0f7b0944c5353e9eaedfef Mon Sep 17 00:00:00 2001 From: indifferentketchup Date: Sun, 7 Jun 2026 23:17:38 +0000 Subject: [PATCH] feat(agents): differentiate tool restrictions per agent role Each of 9 agents now has a unique purpose-scoped tool whitelist: - Security Auditor: 10 tools (tightest, static analysis only) - Prompt Builder: 5 tools (core file exploration + overview) - Code Reviewer/Debugger/Recon: 18 tools each (different codecontext subsets) - Refactorer/Planner: 19 tools each (full codecontext, planner narrower fs) - Architect: 22 tools (only one with web_search + web_fetch) - Builder: 25 tools (unchanged, only write-capable) --- data/AGENTS.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/data/AGENTS.md b/data/AGENTS.md index 5f5e650..6d4e0dd 100644 --- a/data/AGENTS.md +++ b/data/AGENTS.md @@ -17,7 +17,7 @@ top_p: 0.95 top_k: 20 min_p: 0.0 presence_penalty: 0.0 -tools: [find_files, get_codebase_overview, get_dependencies, get_file_analysis, get_framework_analysis, get_semantic_neighborhoods, get_symbol_info, grep, list_dir, search_symbols, view_file, watch_changes, request_read_access, view_truncated_output, ask_user_input, git_status, get_blast_radius, get_hot_files, get_middleware, get_routes] +tools: [find_files, get_blast_radius, get_codebase_overview, get_dependencies, get_file_analysis, get_framework_analysis, get_hot_files, get_middleware, get_routes, get_semantic_neighborhoods, get_symbol_info, git_status, grep, list_dir, request_read_access, search_symbols, view_file, view_truncated_output] description: Reviews code for bugs, security issues, and maintainability. Read-only. --- You review code. Find real problems, not style nits. @@ -56,7 +56,7 @@ top_p: 0.95 top_k: 20 min_p: 0.0 presence_penalty: 0.0 -tools: [find_files, get_codebase_overview, get_dependencies, get_file_analysis, get_framework_analysis, get_semantic_neighborhoods, get_symbol_info, grep, list_dir, search_symbols, view_file, watch_changes, request_read_access, view_truncated_output, ask_user_input, git_status, get_blast_radius, get_hot_files, get_middleware, get_routes] +tools: [ask_user_input, find_files, get_blast_radius, get_codebase_overview, get_dependencies, get_file_analysis, get_framework_analysis, get_hot_files, get_semantic_neighborhoods, get_symbol_info, git_status, grep, list_dir, request_read_access, search_symbols, view_file, view_truncated_output, watch_changes] description: Diagnoses bugs from error messages, logs, or described symptoms. --- You diagnose bugs. Form a hypothesis, prove it with evidence from the code. @@ -82,7 +82,7 @@ top_k: 20 min_p: 0.0 presence_penalty: 0.0 steps: 5 -tools: [find_files, get_codebase_overview, get_dependencies, get_file_analysis, get_framework_analysis, get_semantic_neighborhoods, get_symbol_info, grep, list_dir, search_symbols, view_file, watch_changes, request_read_access, view_truncated_output, ask_user_input, git_status, get_blast_radius, get_hot_files, get_middleware, get_routes] +tools: [find_files, get_blast_radius, get_codebase_overview, get_dependencies, get_file_analysis, get_framework_analysis, get_hot_files, get_middleware, get_routes, get_semantic_neighborhoods, get_symbol_info, git_status, grep, list_dir, request_read_access, search_symbols, view_file, view_truncated_output, watch_changes] description: Proposes refactors for clarity, deduplication, or decoupling. Read-only — outputs plans, not edits. --- You propose refactors. You do not apply them. The user applies via OpenCode or Claude Code. @@ -125,7 +125,7 @@ top_k: 20 min_p: 0.0 presence_penalty: 1.5 steps: 20 -tools: [find_files, get_codebase_overview, get_dependencies, get_file_analysis, get_framework_analysis, get_semantic_neighborhoods, get_symbol_info, grep, list_dir, search_symbols, view_file, watch_changes, request_read_access, view_truncated_output, ask_user_input, git_status, get_blast_radius, get_hot_files, get_middleware, get_routes] +tools: [find_files, get_blast_radius, get_codebase_overview, get_dependencies, get_file_analysis, get_framework_analysis, get_hot_files, get_middleware, get_routes, get_semantic_neighborhoods, get_symbol_info, git_status, grep, list_dir, request_read_access, search_symbols, view_file, view_truncated_output, watch_changes, web_fetch, web_search] description: Designs new features, modules, or architectural changes. Outputs a build plan. --- You design. You produce build plans, not code. @@ -167,7 +167,7 @@ top_p: 0.95 top_k: 20 min_p: 0.0 presence_penalty: 0.0 -tools: [find_files, get_codebase_overview, get_dependencies, get_file_analysis, get_framework_analysis, get_semantic_neighborhoods, get_symbol_info, grep, list_dir, search_symbols, view_file, watch_changes, request_read_access, view_truncated_output, ask_user_input, git_status, get_blast_radius, get_hot_files, get_middleware, get_routes] +tools: [find_files, get_codebase_overview, get_dependencies, get_file_analysis, grep, list_dir, request_read_access, search_symbols, view_file, view_truncated_output] description: Audits code for security vulnerabilities. Read-only. --- You audit for security issues. Concrete findings only, no generic warnings. @@ -212,7 +212,7 @@ top_p: 0.95 top_k: 20 min_p: 0.0 presence_penalty: 0.0 -tools: [view_file, list_dir, grep, find_files] +tools: [find_files, get_codebase_overview, grep, list_dir, view_file] description: Builds prompts for OpenCode, Claude Code, or BooCode dispatch. --- You write prompts that another coding agent will execute. Your output is the prompt, not the work. @@ -250,7 +250,7 @@ top_p: 0.95 top_k: 20 min_p: 0.0 presence_penalty: 0.0 -tools: [find_files, get_codebase_overview, get_dependencies, get_file_analysis, get_framework_analysis, get_semantic_neighborhoods, get_symbol_info, grep, list_dir, search_symbols, view_file, watch_changes, request_read_access, view_truncated_output, ask_user_input, git_status, get_blast_radius, get_hot_files, get_middleware, get_routes] +tools: [find_files, get_blast_radius, get_codebase_overview, get_dependencies, get_file_analysis, get_framework_analysis, get_hot_files, get_middleware, get_routes, get_semantic_neighborhoods, get_symbol_info, grep, list_dir, request_read_access, search_symbols, view_file, view_truncated_output, watch_changes] description: Discovers and maps unfamiliar codebases. Reads architecture, traces data flow, identifies key symbols. --- You map codebases. Start broad, then drill into specifics. @@ -278,7 +278,7 @@ top_k: 20 min_p: 0.0 presence_penalty: 0.0 steps: 10 -tools: [find_files, get_codebase_overview, get_dependencies, get_file_analysis, get_framework_analysis, get_semantic_neighborhoods, get_symbol_info, grep, list_dir, search_symbols, view_file, watch_changes, request_read_access, view_truncated_output, ask_user_input, git_status, get_blast_radius, get_hot_files, get_middleware, get_routes] +tools: [ask_user_input, find_files, get_blast_radius, get_codebase_overview, get_dependencies, get_file_analysis, get_framework_analysis, get_hot_files, get_middleware, get_routes, get_semantic_neighborhoods, get_symbol_info, git_status, grep, list_dir, request_read_access, search_symbols, view_file, watch_changes] description: Produces actionable step plans from requirements. Read-only — never modifies files. --- You produce actionable step plans. You do not modify files.